Tips and Tricks

This is a page where user-contributed notes are published for everybody's perusal. If you have something you think would be good for this page, feel free to send it to the mailing list (see front page for address).

Useful Notice Entries

These go into your notice_local.xml.

Broken DHCP clients

<notice id="dhcp-broken">
  <regex>dhcpd: already acking lease (\S+)</regex>
  <report>broken dhcp client: %s</report>
</notice>

Spamd Children Limit

<notice id="spamd-children">
  <regex>spamd\[.*: hit max-children limit \((\d+)\)</regex>
  <report>spamd: max-children limit of %s reached</report>
</notice>

Low Toner warnings for reporting HP printers

<notice id="toner">
  <regex>toner/ink low</regex>
  <report>low toner</report>
</notice>

Rudimentary SELinux notices (Warning: NOISY!)

<notice id="selinux-denied">
  <regex>audit\S+:\s+avc:\s+denied\s+\{\s([^\}]+)\s\}.*exe=(\S+).*scontext=(\S+)</regex>
  <report>SELinux: denied "%s" for "%s" (scontext=%s)</report>
</notice>

CRON invocations

<notice id="crond">
  <regex>CROND\S+: \((\S+)\) CMD \(([^\)]+)\)</regex>
  <report>Cron: user '%s' (%s)</report>
</notice>
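
One way to check entries like these against sample log lines before putting them into notice_local.xml, as an added example that is not part of epylog or of the original notes. It loads three of the entries above and runs them over constructed log lines. The `<notices>` wrapper, the function names and the assumption that capture groups fill the `%s` placeholders in order are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Entries copied from this page; the <notices> wrapper is hypothetical (for stand-alone parsing).
NOTICES_XML = r"""<notices>
<notice id="dhcp-broken">
  <regex>dhcpd: already acking lease (\S+)</regex>
  <report>broken dhcp client: %s</report>
</notice>
<notice id="selinux-denied">
  <regex>audit\S+:\s+avc:\s+denied\s+\{\s([^\}]+)\s\}.*exe=(\S+).*scontext=(\S+)</regex>
  <report>SELinux: denied "%s" for "%s" (scontext=%s)</report>
</notice>
<notice id="crond">
  <regex>CROND\S+: \((\S+)\) CMD \(([^\)]+)\)</regex>
  <report>Cron: user '%s' (%s)</report>
</notice>
</notices>"""

# Constructed sample syslog lines (not taken from a real host).
SAMPLE_LOG = [
    "Jan 10 12:00:01 host1 kernel: audit(1105358401.123:0): avc:  denied  { read } for  pid=1234 exe=/usr/sbin/httpd name=shadow scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:shadow_t tclass=file",
    "Jan 10 12:01:01 host1 CROND[4321]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jan 10 12:02:00 host1 dhcpd: already acking lease 192.0.2.42",
    "Jan 10 12:03:00 host1 sshd[99]: Accepted publickey for alice",
]

def load_notices(xml_text):
    """Compile each notice; refuse one whose group count differs from its %s count."""
    notices = []
    for node in ET.fromstring(xml_text).iter("notice"):
        rx, report = re.compile(node.findtext("regex")), node.findtext("report")
        if rx.groups != report.count("%s"):
            raise ValueError("%s: capture groups != %%s placeholders" % node.get("id"))
        notices.append((node.get("id"), rx, report))
    return notices

def run_notices(notices, lines):
    """Return (notice id, rendered report) for the first notice matching each line."""
    hits = []
    for line in lines:
        for nid, rx, report in notices:
            m = rx.search(line)
            if m:
                hits.append((nid, report % m.groups()))
                break
    return hits
```

Calling `run_notices(load_notices(NOTICES_XML), SAMPLE_LOG)` returns one rendered report per matching line; the sshd line matches nothing and is skipped.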

Pager.py

If you use file publishing with notifications, and especially if you have reports coming in every hour or so, you may find it useful to use this small CGI that I wrote to add Previous/Next links to the top and bottom of each report. Download pager.py and put it in your cgi-bin directory. Modify the path to the reports repository in the script itself, then set the pubroot in /etc/epylog/epylog.conf to point to pager.py, e.g.:

pubroot = https://monitor.dept.duke.edu/epylog/pager.py?

You should be able to click the link in the email and have Previous/Next report links added to the report, as well as a drop-down with all other reports that are available. Don't forget to limit access to pager.py, as your logs may contain sensitive data!

The file is attached to this page.
